SSL certificate failing to verify inside docker runner
Summary
GitLab runner fails to run
Steps to reproduce
- Use valid (wildcard; e.g. *.example.com) TLS certificate (issued by COMODO) with GitLab Omnibus installation on an Ubuntu 14.04 host; host scores an A+ on the Qualys SSL tester
- Run GitLab runner within Docker
Actual behavior
GitLab runner job fails to run.
Expected behavior
GitLab runner job runs successfully.
Relevant logs and/or screenshots
Job log:
Running with gitlab-runner 10.0.0 (2055cfdc)
on xxxxxxxxxxxx.example.com (zzzz5175)
Using Docker executor with image docker:latest ...
Using docker image sha256:6ccaccc8c1678cfc3f3552a3feeee4b9768e54d1e8c58632ce1a2390ab9af42e for predefined container...
Pulling docker image docker:latest ...
Using docker image docker:latest ID=sha256:5b7585e8dd70eadf71435f10a6490d8d17a950c49e86f48810b5bdc6219b2765 for build container...
Running on runner-zzzz5175-project-151-concurrent-0 via 1e1c39abe519...
Fetching changes...
HEAD is now at xxxxxxx yyyyyyyyyyyyy
fatal: unable to access 'https://gitlab-ci-token:xxxxxxxxxxxxxxxxxxxx@git.example.com/group/project.git/': SSL certificate problem: self signed certificate
ERROR: Job failed: exit code 1
Runner log:
Checking for jobs... received job=6560 repo_url=https://git.example.com/group/project.git runner=zzzz5175
WARNING: Job failed: exit code 1 job=6560 project=151 runner=zzzz5175
Environment description
$ docker info
Containers: 39
Running: 22
Paused: 0
Stopped: 17
Images: 510
Server Version: 17.05.0-ce
Storage Driver: aufs
Root Dir: /var/lib/docker/aufs
Backing Filesystem: extfs
Dirs: 963
Dirperm1 Supported: true
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
Volume: local nfs
Network: bridge host macvlan null overlay
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 9048e5e50717ea4497b757314bad98ea3763c145
runc version: 9c2d8d184e5da67c95d601382adf14862e4f2228
init version: 949e6fa
Security Options:
apparmor
Kernel Version: 3.16.0-77-generic
Operating System: Ubuntu 14.04.5 LTS
OSType: linux
Architecture: x86_64
CPUs: 4
Total Memory: 3.858GiB
Name: xxxxxxxx.example.com
ID: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Docker Root Dir: /var/lib/docker
Debug Mode (client): false
Debug Mode (server): false
Registry: https://index.docker.io/v1/
Labels:
provider=generic
Experimental: false
Insecure Registries:
127.0.0.0/8
Live Restore Enabled: true
WARNING: No swap limit support
Used GitLab Runner version
# gitlab-runner --version
Version: 10.0.0
Git revision: 2055cfdc
Git branch:
GO version: go1.8.3
Built: Fri, 22 Sep 2017 12:41:00 +0000
OS/Arch: linux/amd64
config.toml
[[runners]]
name = "xxxxxxxxxx.example.com"
url = "https://git.example.com/ci"
token = "xxxxxxxxxxxxxxxxxxx"
executor = "docker"
[runners.docker]
tls_verify = false
image = "docker:latest"
privileged = true
disable_cache = false
cache_dir = "/cache"
volumes = ["/var/run/docker.sock:/var/run/docker.sock"]
[runners.cache]
Insecure = false
Also tested with the following under runners.docker:
environment = ["GIT_SSL_NO_VERIFY=true"]